[Solved] How to access this multi-level pointer address value in DLL injection?

zeion

Newbie
Full Member
Aug 27, 2013
5
192
0
Hi there,

So I've successfully found the static address I want to write to after doing a pointer scan on CE.
I end up with something like "game.exe" + offset 1 (long) + offset 2 + offset 3 + offset 4 + offset 5.

My question is, how can I find the address to write to in c++ after dll injection? Do I need to find the address for "game.exe" somehow? Or is the base address the first long offset? (offset1)?

Right now I'm trying to get "game.exe"'s address by GetModuleHandle(0), but it seems to give me the same address (0x400000) each time, which shouldn't be right, since if I try to calculate the address for "game.exe" manually by subtracting the first offset in CE I get a different value for "game.exe" each time.

I hope I've explained clearly, please help me if you can, thanks.
 

c5

Kim Kong Trasher
Dank Tier VIP
Dank Tier Donator
Jul 19, 2012
1,187
12,638
76
0x400000 is perfectly fine, that's where it's mapped in the virtual memory space by Windows. If you want to get an address of another module though, call GetModuleHandle.

Use Source Code - FindDMAAddy - How To Pointer C++; there is an internal version in there.
 
zeion

Newbie
Full Member
Aug 27, 2013
5
192
0
Okay, maybe I'm not understanding this completely but, I thought the point of the offsets was so that we could locate the dynamic address that changes each time because the base address changes each time?

This is what CE is telling me:

[image: ce_ss.png]

Which would mean that "game.exe" = E13E070 - 12D90D4 = CE64F9C?

Now when I restart the game I get this:

[image: ce_ss2.png]

Which would mean that "game.exe" = E189660 - 12D90D4 = CEB058C, correct?

So I am just confused as to how to get this value of "game.exe"? Or am I going about this the wrong way?
 

c5

Kim Kong Trasher
Dank Tier VIP
Dank Tier Donator
Jul 19, 2012
1,187
12,638
76
"Value" of game.exe would be 0x400000, i.e. (UINT)GetModuleHandleA("game.exe");
 

zeion

Newbie
Full Member
Aug 27, 2013
5
192
0
Okay so, based on what CE is telling me, how would I write to the final pointer address shown there in my injected c++ dll?

Right now I'm trying this:

C++:
DWORD gameBase = (DWORD)GetModuleHandleA("game.exe");
DWORD pdwAddress = (DWORD)(*(DWORD*) gameBase + 0x12D90D4);
DWORD pdw2ndAddress = (DWORD)(*(DWORD*) pdwAddress + 0x44 );
DWORD pdw3rdAddress = (DWORD)(*(DWORD*) pdw2ndAddress + 0x1C );
DWORD pdw4thAddress = (DWORD)(*(DWORD*) pdw3rdAddress + 0x64 );
DWORD AddressToWrite = (DWORD)(*(DWORD*) pdw4thAddress + 0x10C );
Would that give me the proper final address?
 

zeion

Newbie
Full Member
Aug 27, 2013
5
192
0
My game crashes whenever I try to tell the DLL to calculate the address for some reason. I've also tried to use the FindDmaAddy function from fleep's tutorial, but that gives me a weird address of 9, which I don't think is right. I'm not actually writing to memory yet, so it seems to crash even just by calculating the address. Any ideas why? The game gives me an exception saying that the memory at address 0x_____ could not be read.
 

c5

Kim Kong Trasher
Dank Tier VIP
Dank Tier Donator
Jul 19, 2012
1,187
12,638
76
Attach a debugger and step through or catch the exception. Probably your first address is where it goes wrong.
 

Szaka

Coder
Full Member
Nobleman
Mar 14, 2013
161
718
3
Or maybe you coded the app with the 400000 address and not 0x400000. CE shows every offset in hex; this mistake is common.
 

zeion

Newbie
Full Member
Aug 27, 2013
5
192
0
If I do this it should work right?

C++:
DWORD pdwAddress = (DWORD)(*(DWORD*) 0x400000 + 0x12D90D4);
DWORD pdw2ndAddress = (DWORD)(*(DWORD*) pdwAddress + 0x44 );
DWORD pdw3rdAddress = (DWORD)(*(DWORD*) pdw2ndAddress + 0x1C );
DWORD pdw4thAddress = (DWORD)(*(DWORD*) pdw3rdAddress + 0x64 );
AddressToWrite = (DWORD)(*(DWORD*) pdw4thAddress + 0x10C );
Although it still gives me the error: memory could not be "read"... would that mean that one of the offsets is wrong? Or the way I de-reference the pointers?

Also I don't need to include the 0x0 offset right?
 
edgar

Newbie
Full Member
Dec 30, 2012
28
518
3
This is wrong.

C++:
DWORD pdwAddress = (DWORD)(*(DWORD*) 0x400000 + 0x12D90D4);
Think about what that is doing... The type cast operator and the unary plus operator have equal precedence and associate from left to right. Therefore you cast 0x400000 to a DWORD pointer first then add 0x12D90D4*sizeof(DWORD) to it. Try this instead.

C++:
DWORD pdwAddress = *(DWORD *)(0x400000 + 0x12D90D4);
Reference: https://en.wikipedia.org/wiki/Operators_in_C_and_C++
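An added example, not code from this thread or from the linked FindDMAAddy source, that walks a pointer chain of the shape shown above over a constructed in-memory image and puts the two spellings of the first step side by side: unary `*` binds tighter than binary `+`, so `*(DWORD*)base + off` reads the DWORD at the base (the PE header's "MZ" bytes) and adds the offset to that value, which lands far outside the module. The image layout and the offsets (the first one shortened so the image fits in a small array) are assumptions made for this example; the bounds check stands in for a VirtualQuery-style readability test and is not something the thread's code does.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a mapped module: the array's address plays the
   part of "game.exe"'s base. Layout and offsets are invented for this example. */
static uintptr_t image[0x1000 / sizeof(uintptr_t)];
static const uintptr_t OFFSETS[] = { 0x200, 0x44, 0x1C, 0x64, 0x10C };
#define NOFF (sizeof OFFSETS / sizeof OFFSETS[0])

/* Bounds check standing in for a VirtualQuery-style readability test. */
static int in_image(uintptr_t a) {
    uintptr_t lo = (uintptr_t)image, hi = lo + sizeof image - sizeof(uintptr_t);
    return a >= lo && a <= hi;
}
/* memcpy accessors: the chain's slots are not all naturally aligned. */
static uintptr_t rd(uintptr_t a) { uintptr_t v; memcpy(&v, (void *)a, sizeof v); return v; }
static void wr(uintptr_t a, uintptr_t v) { memcpy((void *)a, &v, sizeof v); }

/* Lay out the chain: [base+0x200] -> A, [A+0x44] -> B, [B+0x1C] -> C,
   [C+0x64] -> D, and D+0x10C is the final slot, holding the value 1234. */
uintptr_t build_chain(void) {
    uintptr_t base = (uintptr_t)image, A = base + 0x300, B = base + 0x400,
              C = base + 0x500, D = base + 0x600;
    memset(image, 0, sizeof image);
    wr(base, 0x00905A4Du);         /* "MZ\x90\0": what a real PE image starts with */
    wr(base + OFFSETS[0], A);
    wr(A + OFFSETS[1], B);
    wr(B + OFFSETS[2], C);
    wr(C + OFFSETS[3], D);
    wr(D + OFFSETS[4], 1234);
    return base;
}

/* Walk the chain as CE displays it: the first offset is added to the base
   (that sum is the static address); each later step reads the pointer stored
   there and adds the next offset. The result is the final slot's address
   (where you would write), not its contents. Returns 0 instead of faulting
   when a step would read outside the image. */
uintptr_t follow_chain(uintptr_t base, const uintptr_t *off, size_t n) {
    uintptr_t addr = base + off[0];
    for (size_t i = 1; i < n; i++) {
        if (!in_image(addr)) return 0;
        addr = rd(addr) + off[i];
    }
    return in_image(addr) ? addr : 0;
}

/* The thread's first step, both spellings. Unary * binds tighter than binary +,
   so the first reads the DWORD at base (the "MZ" header) and adds the offset to
   that value; only the second reads the DWORD stored at base+offset. */
uintptr_t first_step_as_posted(uintptr_t base) { return *(uint32_t *)base + OFFSETS[0]; }
uintptr_t first_step_fixed(uintptr_t base)     { return *(uintptr_t *)(base + OFFSETS[0]); }
```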
 